<?php
/*****************************************************************************\
+-----------------------------------------------------------------------------+
| X-Cart                                                                      |
| Copyright (c) 2001-2007 Ruslan R. Fazliev <rrf@rrf.ru>                      |
| All rights reserved.                                                        |
+-----------------------------------------------------------------------------+
| PLEASE READ  THE FULL TEXT OF SOFTWARE LICENSE AGREEMENT IN THE "COPYRIGHT" |
| FILE PROVIDED WITH THIS DISTRIBUTION. THE AGREEMENT TEXT IS ALSO AVAILABLE  |
| AT THE FOLLOWING URL: http://www.x-cart.com/license.php                     |
|                                                                             |
| THIS  AGREEMENT  EXPRESSES  THE  TERMS  AND CONDITIONS ON WHICH YOU MAY USE |
| THIS SOFTWARE   PROGRAM   AND  ASSOCIATED  DOCUMENTATION   THAT  RUSLAN  R. |
| FAZLIEV (hereinafter  referred to as "THE AUTHOR") IS FURNISHING  OR MAKING |
| AVAILABLE TO YOU WITH  THIS  AGREEMENT  (COLLECTIVELY,  THE  "SOFTWARE").   |
| PLEASE   REVIEW   THE  TERMS  AND   CONDITIONS  OF  THIS  LICENSE AGREEMENT |
| CAREFULLY   BEFORE   INSTALLING   OR  USING  THE  SOFTWARE.  BY INSTALLING, |
| COPYING   OR   OTHERWISE   USING   THE   SOFTWARE,  YOU  AND  YOUR  COMPANY |
| (COLLECTIVELY,  "YOU")  ARE  ACCEPTING  AND AGREEING  TO  THE TERMS OF THIS |
| LICENSE   AGREEMENT.   IF  YOU    ARE  NOT  WILLING   TO  BE  BOUND BY THIS |
| AGREEMENT, DO  NOT INSTALL OR USE THE SOFTWARE.  VARIOUS   COPYRIGHTS   AND |
| OTHER   INTELLECTUAL   PROPERTY   RIGHTS    PROTECT   THE   SOFTWARE.  THIS |
| AGREEMENT IS A LICENSE AGREEMENT THAT GIVES  YOU  LIMITED  RIGHTS   TO  USE |
| THE  SOFTWARE   AND  NOT  AN  AGREEMENT  FOR SALE OR FOR  TRANSFER OF TITLE.|
| THE AUTHOR RETAINS ALL RIGHTS NOT EXPRESSLY GRANTED BY THIS AGREEMENT.      |
|                                                                             |
| The Initial Developer of the Original Code is Ruslan R. Fazliev             |
| Portions created by Ruslan R. Fazliev are Copyright (C) 2001-2007           |
| Ruslan R. Fazliev. All Rights Reserved.                                     |
+-----------------------------------------------------------------------------+
\*****************************************************************************/

#
# $Id: cc_protx.php,v 1.34.2.9 2007/09/06 08:10:14 zaa Exp $
#

function simpleXor($InString, $Key)
{
	$KeyList = array();
	$output = "";
	
	for($i=0;$i<strlen($Key);$i++)
		$KeyList[$i] = ord(substr($Key, $i, 1));

	for($i=0;$i<strlen($InString);$i++)
		$output.= chr(ord(substr($InString, $i, 1)) ^ ($KeyList[$i % strlen($Key)]));

	return $output;
}


if (!isset($REQUEST_METHOD))
	$REQUEST_METHOD = $HTTP_SERVER_VARS["REQUEST_METHOD"];

if ($REQUEST_METHOD == "GET" && $HTTP_GET_VARS["crypt"]) {
	require "./auth.php";

	# [Status=OK&VendorTxCode=xcart324243&TxAuthNo=28566&AVSCV2=DATA NOT CHECKED&Amount=45.95&VPSTxID={00000033-0BF6-0001-0000-9687261DE084}]
	$pass = func_query_first_cell("SELECT param02 FROM $sql_tbl[ccprocessors] WHERE processor='cc_protx.php'");
	$crypt = str_replace(" ", "+", $crypt);
	$response = array();
	parse_str(simpleXor(base64_decode($crypt), $pass), $response);

	$bill_output["sessid"] = func_query_first_cell("select sessionid from $sql_tbl[cc_pp3_data] where ref='".func_addslashes($response['VendorTxCode'])."'");

	if (trim($response['Status']) == "OK") {
		$bill_output["code"] = 1;
		$bill_output["billmes"] = "AuthNo: ".$response['TxAuthNo'].";\n";
	} else {
		$bill_output["code"] = 2;
		$bill_output["billmes"] = "Status: ".$response['StatusDetail']." (".trim($response['Status']).")\n";
	}

	if (!empty($response['VPSTxId'])) {
		$bill_output["billmes"] .= " (TxID: ".trim($response['VPSTxId']).")\n";
	}

	if (!empty($response['AVSCV2'])) {
		$bill_output["billmes"] .= " (AVS/CVV2: {".trim($response['AVSCV2'])."})\n";
	}

	if (!empty($response['AddressResult'])) {
		$bill_output["billmes"] .= " (Address: {".trim($response['AddressResult'])."})\n";
	}

	if (!empty($response['PostCodeResult'])) {
		$bill_output["billmes"] .= " (PostCode: {".trim($response['PostCodeResult'])."})\n";
	}

	if (!empty($response['CV2Result'])) {
		$bill_output["billmes"] .= " (CV2: {".trim($response['CV2Result'])."})\n";
	}

	if (!empty($response['3DSecureStatus'])) {
		$bill_output["billmes"] .= " (3D Result: {".trim($response['3DSecureStatus'])."})\n";
	}

	if (isset($response['Amount'])) {
		$payment_return = array(
			"total" => $response['Amount']
		);
	}

	require($xcart_dir."/payment/payment_ccend.php");
} else {
		if (!defined('XCART_START')) { header("Location: ../"); die("Access denied"); }

		$pp_merch = $module_params["param01"];
		$pp_pass = $module_params["param02"];
		$pp_curr = $module_params["param03"];
		# Determine request URL (simulator, test server or live server)
		switch ($module_params['testmode']) {
		case 'S':
			$pp_test = 'https://ukvpstest.protx.com/VSPSimulator/VSPFormGateway.asp';
			break;
		case 'Y':
			$pp_test = 'https://ukvpstest.protx.com/vspgateway/service/vspform-register.vsp';
			break;
		default:
			$pp_test = 'https://ukvps.protx.com/vspgateway/service/vspform-register.vsp';
		}
		$pp_shift = preg_replace("/[^\w\d_-]/S", "", $module_params["param05"]);
		$_orderids = join("-",$secure_oid);
		if (!$duplicate)
			db_query("REPLACE INTO $sql_tbl[cc_pp3_data] (ref,sessionid) VALUES ('".addslashes($pp_shift.$_orderids)."','".$XCARTSESSID."')");

		$crypt = "VendorTxCode=".$pp_shift.$_orderids."&";
		$crypt.= "Amount=".price_format($cart["total_cost"])."&";
		$crypt.= "Currency=".$pp_curr."&";
		$crypt.= "Description=Your Cart&";
		$crypt.= "SuccessURL=".$http_location."/payment/cc_protx.php&";
		$crypt.= "FailureURL=".$http_location."/payment/cc_protx.php&";
		$crypt.= "CustomerName=".$bill_name."&";
		$crypt.= "CustomerEMail=".$userinfo["email"]."&";
		$crypt.= "ContactNumber=".$userinfo["phone"]."&";
		$crypt.= "ContactFax=".$userinfo["fax"]."&";
		$crypt.= "VendorEMail=".$config["Company"]["orders_department"]."&";

		$shipping_address = array();
		$shipping_address[] = $userinfo["s_address"];
		if (!empty($userinfo["s_address_2"]))
			$shipping_address[] = $userinfo["s_address_2"];
		$shipping_address[] = $userinfo["s_city"];
		if (!empty($userinfo["s_countyname"]))
			$shipping_address[] = $userinfo["s_countyname"];
		$shipping_address[] = empty($userinfo["s_statename"]) ? $userinfo["s_state"] : $userinfo["s_statename"];
		$shipping_address[] = empty($userinfo["s_countryname"]) ? $userinfo["s_country"] : $userinfo["s_countryname"];
	
		$crypt.= "DeliveryAddress=".implode(" ", $shipping_address)."&";
		$crypt.= "DeliveryPostCode=".$userinfo["s_zipcode"]."&";
		
		$billing_address = array();
		$billing_address[] = $userinfo["b_address"];
		if (!empty($userinfo["b_address_2"]))
			$billing_address[] = $userinfo["b_address_2"];
		$billing_address[] = $userinfo["b_city"];
		if (!empty($userinfo["b_countyname"]))
			$billing_address[] = $userinfo["b_countyname"];
		$billing_address[] = empty($userinfo["b_statename"]) ? $userinfo["b_state"] : $userinfo["b_statename"];
		$billing_address[] = empty($userinfo["b_countryname"]) ? $userinfo["b_country"] : $userinfo["b_countryname"];
	
		$crypt.= "BillingAddress=".implode(" ", $billing_address)."&";
		$crypt.= "BillingPostCode=".$userinfo["b_zipcode"]."&";
		$crypt.= "AllowGiftAid=0&";
		$crypt.= "ApplyAVSCV2=".$module_params["param06"]."&";
		$crypt.= "Apply3DSecure=".$module_params["param07"]."&";

		func_create_payment_form(
			$pp_test,
			array(
				"VPSProtocol" => "2.22",
				"Vendor" => $pp_merch,
				"TxType" => "PAYMENT",
				"Crypt" => base64_encode(simpleXor($crypt."Basket=".func_cc_protx_get_basket(), $pp_pass))
			),
			"Protx VSP Form"
		);
}
exit;

?>
